Dear Edward,

it is not very clear what you want to make. If you want to allow ssh
connections to a specific host, AFAIK the below can help:

#!/bin/bash
# Flush all rules and delete user-defined chains in every table
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -t nat -X
iptables -t mangle -X

# Setting policies....Drop everything and later allow what you need
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# Loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# Packets of already tracked connections; with the DROP policy, the NEW
# rule below only lets the first packet of an ssh connection through
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# New ssh connections
iptables -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT

Related to ftp, in the following link (or some other source) you will find
an explanation of how ftp works.

Link: http://slacksite.com/other/ftp.html#active

Best wishes

Elvir Kuric

PS: what do you mean by this " file 1 " " file 2 "

On 9/8/07, edwardspl@xxxxxxxxxx <edwardspl@xxxxxxxxxx> wrote:
> Dear All,
>
> For the Firewall setting, how can we use the ftp and ssh service?
>
> For file 1 :
>
> #!/bin/bash
>
> modprobe ip_tables
> modprobe ip_nat_ftp
> modprobe ip_conntrack
> modprobe ip_conntrack_ftp
>
> iptables -F
> iptables -X
> iptables -F -t nat
> iptables -X -t nat
> iptables -F -t mangle
> iptables -X -t mangle
>
> iptables -P OUTPUT ACCEPT
> iptables -P FORWARD ACCEPT
> iptables -t nat -P OUTPUT ACCEPT
> iptables -t nat -P PREROUTING ACCEPT
> iptables -t nat -P POSTROUTING ACCEPT
> iptables -t mangle -P PREROUTING ACCEPT
> iptables -t mangle -P POSTROUTING ACCEPT
> iptables -t mangle -P INPUT ACCEPT
> iptables -t mangle -P OUTPUT ACCEPT
> iptables -t mangle -P FORWARD ACCEPT
>
> For file2
>
> iptables -P INPUT DROP
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
> iptables -A INPUT -p tcp --dport 21 -j ACCEPT
> iptables -A INPUT -p tcp --dport 22 -j ACCEPT
>
> Edward.
>
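
Added example (not part of either message in this thread): a default-DROP INPUT chain needs an ESTABLISHED accept for ssh to work past the first packet, and a RELATED accept for the ftp data connections tracked by ip_conntrack_ftp. The script below checks rule text for both gaps; the function names, finding keywords and the three sample rulesets are constructed for illustration.

```shell
#!/bin/bash
# Added example: audits iptables-save style text only, never the live firewall.
_has() { printf '%s\n' "$1" | grep -Eq -- "$2"; }

# Reads a ruleset on stdin, prints one keyword per finding, returns the count.
audit_input() {
    local rules n=0
    rules=$(cat)
    if ! _has "$rules" '^:INPUT DROP'; then
        echo "input-policy-not-drop"; return 1
    fi
    # With a DROP policy, only an ESTABLISHED accept lets the packets after
    # the first one of an allowed connection (and replies to outbound
    # traffic) through.
    if ! _has "$rules" '^-A INPUT .*--(ct)?state [A-Z,]*ESTABLISHED.*-j ACCEPT'; then
        echo "missing-established"; n=$((n+1))
    fi
    # With port 21 open, the data connections that the conntrack FTP helper
    # marks RELATED need an accept rule as well.
    if _has "$rules" '^-A INPUT .*--dport 21 .*-j ACCEPT' &&
       ! _has "$rules" '^-A INPUT .*--(ct)?state [A-Z,]*RELATED.*-j ACCEPT'; then
        echo "missing-related-for-ftp"; n=$((n+1))
    fi
    return "$n"
}

# Constructed samples (iptables-save format, INPUT chain only).
NEW_ONLY=':INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT'
EST_ONLY=':INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
FIXED=':INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT'

for s in "$NEW_ONLY" "$EST_ONLY" "$FIXED"; do
    echo "findings: $(printf '%s\n' "$s" | audit_input | tr '\n' ' ')"
done
```

On a real host the same function can be fed the output of iptables-save; it matches on rule text only and does not evaluate rule order.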